Archive for the ‘Vendor Assessment’ Category

4 things you can do to minimize cyberattacks on supply and value chains

The SolarWinds hack was a classic supply chain attack, compromising downstream organizations in order to traverse the victim’s extended enterprise of customers, suppliers, vendors and other third parties to gain unauthorized access to their on-premises and cloud systems. The hack was unprecedented, transforming a core security product into a malware delivery system that provided unauthorized access to […]

What is Third-Party Risk?

What businesses need to know to evaluate partner cyber resilience

Many recent high-profile breaches have underscored two important cybersecurity lessons: the need for increased scrutiny in evaluating access and controls of partners handling valuable customer data, and the imperativeness of assessing a third party’s (hopefully multi-layered) approach to cyber resilience. Given the average number of tech tools, platforms and partnerships today, having a clear and consistent […]

Accellion Supply Chain Hack

Why is financial cyber risk quantification important?

In its 10th annual Risk Barometer, Allianz found that cyber incidents ranked third in a list of the most important global business risks for the upcoming year, coming in second behind risks stemming from the pandemic itself. We can expect cyber incidents to increase in frequency and sophistication as cyber criminals continue to leverage the […]

Third-party risk management programs still largely a checkbox exercise

Recent data indicates that third-party risk management (TPRM) programs are inconsistent (at best) when it comes to digging deep enough for clues of security issues lurking in the enterprise’s vendor and partner ecosystem. Even more troubling? Very few TPRM security assessments result in remediation action. So TPRM programs are nominally jumping through hoops to ask vendors about or observe […]

Monitoring and reviewing third party InfoSec services

Control A10 of ISO 27001 mandates that the outsourcing organization monitor and review the performance of third-party service providers on a regular basis, including contractors working on critical assets within the scope. A Service Level Agreement (SLA) or Operational Level Agreement (OLA) is the binding legal agreement that includes all the important services to […]

A guide to contract and commercial management for professionals

Contract and Commercial Management: “Almost 80% of CEOs say that their organization must get better at managing external relationships. According to The Economist, one of the major reasons why so many relationships end in disappointment is that most organizations ‘are not very good at contracting’. This ground-breaking title from leading authority IACCM (International Association for […]

Laptop security and vendor assessment

Another report of a laptop stolen, this one containing reams of sensitive customer information. The laptop was later returned in the same office complex, to a room which was reportedly locked; however, the sensitive data on the laptop was not encrypted. According to a San Francisco Chronicle article by Deborah Gage (Aug 6, 2008, pg. […]
